Closed mogul closed 3 years ago
Need to make a decision on Fluent Bit vs LogStash
notes to self:
Take a look at the logstash configs available from https://github.com/cloudfoundry-community/logsearch-for-cloudfoundry
How do we push our indexing config?
Memory calculation for Logstash https://github.com/cloudfoundry/java-buildpack-memory-calculator
User Story
In order to support data.gov's needs for monitoring and alerting on app behavior, the data.gov team wants to drain logs from cloud.gov spaces to a brokered instance of AWS ES.
Acceptance Criteria
[ACs should be clearly demoable/verifiable whenever possible. Try specifying them using BDD.]
gsa-datagov/management space \
WHEN I generate traffic to a data.gov application in any space in the gsa-datagov organization \
THEN I see the activity logged via the Kibana UI.
Background
[Any helpful contextual notes or links to artifacts/evidence, if needed]
Security Considerations (required)
This story configures cloud.gov's platform-provided logging facilities to send logs from our spaces to a cloud.gov-brokered instance of AWS Elasticsearch. We assume that cloud.gov has ensured that the communication mechanisms are secured with TLS, and that client credentials are used for accessing the AWS ES endpoints; this should be verified. If IP restrictions are in place (e.g. only the cloud.gov egress IP ranges are permitted), then we should be noting that and documenting how to access the Kibana UI in our runbook. (Even if cloud.gov does not apply IP restrictions on its own, we should consider whether we want to add them ourselves.)
Note that AWS ES should be configured to prevent modifications of records in accordance with AU-9 if possible. If that's not possible, we may want to investigate how to also drain logs to CloudWatch Logs; this would likely happen via a separate issue.
Sketch
es-medium-ha instance of the aws-elasticsearch service in the management space
fluent-bit as an app using the apt-buildpack, configured with the syslog input and the Elasticsearch output. (Cloud Foundry documents how to configure the input plugin.)
log-drain CF CLI plugin.
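One way to check the TLS and client-credential assumption from the Security Considerations against the Fluent Bit config in the sketch. This is an added example, not part of the original issue or the data.gov repository: the sample config is constructed, its host and port are placeholders, and `parse_sections` and `audit_es_outputs` are hypothetical helper names.

```python
import re
# Constructed Fluent Bit classic-mode config; host and port are placeholders.
SAMPLE_CONF = """
[INPUT]
    Name    syslog
    Mode    tcp
    Parser  syslog-rfc5424

[OUTPUT]
    Name        es
    Match       *
    Host        es.example.invalid
    Port        443
    tls         On
    tls.verify  Off
"""

def parse_sections(text):
    """Parse classic-mode config into a list of (SECTION, {key: value}) pairs."""
    sections = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            sections.append((header.group(1).upper(), {}))
        elif sections:
            parts = line.split(None, 1)
            sections[-1][1][parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return sections

def audit_es_outputs(text):
    """Return findings for es outputs without TLS, cert verification or credentials."""
    findings = []
    for name, opts in parse_sections(text):
        if name != "OUTPUT" or opts.get("name", "").lower() != "es":
            continue
        # Fluent Bit booleans accept on/off/true/false
        on = lambda k, d: opts.get(k, d).lower() in ("on", "true")
        if not on("tls", "off"):  # tls defaults to Off
            findings.append("tls is not enabled")
        if not on("tls.verify", "on"):  # tls.verify defaults to On
            findings.append("tls.verify is disabled")
        if not (on("aws_auth", "off") or {"http_user", "http_passwd"} <= opts.keys()):
            findings.append("no client credentials configured")
    return findings

if __name__ == "__main__":
    print(audit_es_outputs(SAMPLE_CONF))
```

Run against the rendered config before each deploy; an empty list means the es output enables TLS with certificate verification and carries either AWS_Auth or HTTP basic credentials.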